CVE-2021-1578

CWE-636CWE-755Improper Exception HandlingCWE-8355 documents5 sources
Severity
8.8HIGH
EPSS
1.0%
top 22.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Application Policy Infrastructure ControllerCisco Cloud Application Policy Infrastructure ControllerCisco Cisco Application Policy Infrastructure Controller (apic)
Timeline
PublishedAug 25
Latest updateMay 24

Description

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-9fcm-298r-cw5q: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Cont2022-05-24
CVEList
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability2021-08-25

📋Vendor Advisories

2
Cisco
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability2021-08-25
Red Hat
kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults2020-04-21
CVE-2021-1578 (HIGH CVSS 8.8) | A vulnerability in an API endpoint | cvebase.io